IDS mailing list archives

RE: IDS Testing Method


From: Majed Mohammed Ayoub Al-Shodari <majeds () sedcogroup com>
Date: Fri, 23 Jul 2004 00:22:41 +0300

Dear NAVTEJ,

As you know, there are thousands of NIDS signatures, and they are divided
into categories. You should know that you cannot test them all; therefore,
try to take many signatures from each category and base your test on the
signature behaviour.

If you select the required signatures for your test, please let me know
which signatures, so that I can provide you with the methodology to test
them all.

If you need any further info, please don't hesitate to call me or drop me an
email.

            Thank you and best regards
--------------------------------------
Majed Mohammed Ayoub
Tel.    :(966-2) 606-6556 Ext. ( 361 )
Fax    :(966-2) 606-1342 Ext. ( 1361 )
Mobile:(966-50) 33-67-69-1
Information Systems Security Administrator
Technical Services Section
Information Technology Department
P. O. Box 4384 Jeddah 21491
Kingdom of Saudi Arabia
 

-----Original Message-----
From: M Shirk
To: focus-ids () securityfocus com
Sent: 7/21/2004 2:17 PM
Subject: RE: IDS Testing Method

If it is snort, you can use sneeze.pl to generate alerts. Also the common
way to test the IDS is to use a vulnerability scanner like Nessus and scan
a box, then run TCPDUMP and compare the packet count to make sure you are
not dropping packets.

If you are speaking of signatures, I usually just create or compile the 
exploits to make sure I am alerting on the traffic.

Shirkdog


-----Original Message-----
From: tonavtejkohli () hotmail com [mailto:tonavtejkohli () hotmail com]
Sent: Tuesday, July 20, 2004 6:48 AM
To: focus-ids () securityfocus com
Subject: IDS Testing Method
Importance: Low


Hi Lists,

I'm trying to find out ways of testing different IDS systems. Is there any
way, recommended/best practice methodology for testing Network based IDS
(NIDS)?
It would be very nice of you if anyone can give me some technical hints.
Any information - papers, tools, links and own experience are much
appreciated.

Hoping for a reply soon from your side.

Regards,

NAVTEJ KOHLI
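
Added example, not part of the original thread: one way to follow the advice above of picking a few signatures from each category instead of testing them all. It assumes Snort rule syntax with the `classtype` option as the category; the sample rules are constructed, and the function names `parse_rules` and `pick_per_category` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample rules in Snort rule syntax (illustrative, not a real ruleset).
SAMPLE_RULES = r'''
alert tcp any any -> any 80 (msg:"EXAMPLE web A"; content:"/a"; classtype:web-application-attack; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"EXAMPLE web B"; content:"/b"; classtype:web-application-attack; sid:1000002; rev:1;)
alert tcp any any -> any 80 (msg:"EXAMPLE web C"; content:"/c"; classtype:web-application-attack; sid:1000003; rev:1;)
alert icmp any any -> any any (msg:"EXAMPLE ping sweep"; itype:8; classtype:attempted-recon; sid:1000004; rev:1;)
# alert udp any any -> any 53 (msg:"EXAMPLE disabled"; classtype:attempted-recon; sid:1000005; rev:1;)
alert udp any any -> any 161 (msg:"EXAMPLE no classtype"; sid:1000006; rev:1;)
'''

# Matches "key:value;" options; a quoted value may itself contain ';'.
OPTION = re.compile(r'(\w+)\s*:\s*("(?:[^"\\]|\\.)*"|[^;]*);')

def parse_rules(text):
    """Return one dict per enabled rule: sid, msg, classtype."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "(" not in line:
            continue  # skip blanks, disabled rules and non-rule lines
        body = line.split("(", 1)[1]
        opts = {k: v.strip().strip('"') for k, v in OPTION.findall(body)}
        if opts.get("sid", "").isdigit():
            rules.append({"sid": int(opts["sid"]), "msg": opts.get("msg", ""),
                          "classtype": opts.get("classtype", "unclassified")})
    return rules

def pick_per_category(rules, per_category=2):
    """Pick up to per_category SIDs from each classtype, evenly spaced by SID."""
    groups = defaultdict(list)
    for r in rules:
        groups[r["classtype"]].append(r["sid"])
    plan = {}
    for cat, sids in sorted(groups.items()):
        sids.sort()
        n = min(per_category, len(sids))
        # Evenly spaced picks keep the test plan reproducible between runs.
        plan[cat] = [sids[i * len(sids) // n] for i in range(n)]
    return plan

if __name__ == "__main__":
    for cat, sids in pick_per_category(parse_rules(SAMPLE_RULES)).items():
        print(f"{cat}: test SIDs {sids}")
```

Rules without a `classtype` are grouped as "unclassified" so they still appear in the test plan, and commented-out rules are left out because the sensor would never fire them.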
